New OSX.Dok malware intercepts web traffic
Most Mac malware tends to be unsophisticated. Although it has some rather unpolished and awkward aspects, a new piece of Mac malware, dubbed OSX.Dok, breaks out of that typical mold. OSX.Dok, which was discovered by Check Point, uses sophisticated means to monitor—and potentially alter—all HTTP and HTTPS traffic to and from the infected Mac. This means that the malware is capable, for example, of capturing account credentials for any website users log into, which offers many opportunities for theft of cash and data.
OSX.Dok comes in the form of a file named Dokument.zip, which is being sent to victims as an attachment in phishing emails. This “document” is, of course, actually an application. Several minutes after it is opened, the app obscures the entire screen with a fake update notification.
Fortunately, when the user attempts to open this app, macOS displays a standard notification to warn the user. Apple has already revoked the certificate used to sign the app, so, at this point, anyone who encounters this malware will be unable to open the app and therefore cannot be infected by it.
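The Gatekeeper behaviour described above can be confirmed without launching a suspicious bundle. The shell script below is an added example, not code from the original article or from Check Point; it wraps Apple's `spctl` and `codesign` tools to report whether macOS would allow an extracted app bundle to run and which signing identity it carries. `assess_app` and `show_signature` assume a macOS host; `classify_spctl_output` is plain text handling over the "path: accepted" / "path: rejected" verdict lines that `spctl -vv` prints, and the sample output in the comments is constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original article): check a downloaded app
# bundle against Gatekeeper before anyone double-clicks it.
# assess_app and show_signature require macOS; classify_spctl_output is
# pure string handling and can be exercised anywhere with constructed input.

# Reduce spctl's multi-line verdict to one word: accepted, rejected or unknown.
# Assumed spctl -vv format (constructed sample):
#   Dokument.app: rejected
#   source=no usable signature
classify_spctl_output() {
    case "$1" in
        *": accepted"*) echo accepted ;;
        *": rejected"*) echo rejected ;;
        *) echo unknown ;;
    esac
}

# Run Gatekeeper's execute-policy assessment on a bundle path, e.g. the
# Dokument.app unpacked from a phishing attachment, without launching it.
# Returns 0 only when macOS would accept the app.
assess_app() {
    app="$1"
    out=$(spctl --assess --type execute -vv "$app" 2>&1)
    verdict=$(classify_spctl_output "$out")
    echo "$app: $verdict"
    echo "$out" | sed -n 's/^source=//p' | sed 's/^/  source: /'
    [ "$verdict" = accepted ]
}

# Show whether the code signature still verifies and which Developer ID and
# team signed it; a revoked signing certificate surfaces as a verify failure.
show_signature() {
    codesign --verify --deep --strict --verbose=2 "$1" 2>&1
    codesign --display --verbose=2 "$1" 2>&1 | grep -E '^(Authority|TeamIdentifier)='
}

# Usage: sh check_app.sh /path/to/Dokument.app
if [ -n "$1" ]; then
    assess_app "$1"
    show_signature "$1"
fi
```

A rejected verdict together with a verify failure is the state a user sees as the warning dialog mentioned above; recording the `Authority=` and `TeamIdentifier=` lines gives the responder a signing identity to search for across other downloads.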